Data Protection

GENERAL DATA PROTECTION REGULATIONS

As of 25 May 2018 new rules came into force governing how we deal with data. The General Data Protection Regulations 2018 govern how we deal with and protect your data.

Roger Richards Solicitors are the “Data Controller”, handling and storing your data, ensuring it is used in accordance with applicable data protection laws. We are committed to protecting and respecting your personal information. Please ensure you read this Notice so that you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it.

Our Privacy Notice

About this Notice

This Notice explains how and why we, Roger Richards Solicitors, use personal data in connection with the work we do in all areas of our practice.

In this Notice, when we talk about “personal data” we mean any information that relates to an identifiable natural person – for example, you.

If you have any questions about our Privacy Notice and how we deal with your data, please contact our Data Manager, Caroline Thompson (cjt@rogerrichards.co.uk).

What types of personal data do we collect and where do we get if from?

For the purposes of this Notice, the personal data we process about you broadly falls into three main categories:

Contact Information

Identity and Other Regulatory Information

Matter Information

The table below sets out the difference types of personal data that we collect and the sources we collect if from.

Your professional advisor(s) Third party systems used for our regulatory checks

Matter Information

Details relating to your matters or enquiries with us

You

Your professional advisor(s)

We will only collect information from you that is relevant to the matter that we are dealing with. Examples of the “personal data” that we may collect are:

Personal details

Family, lifestyle and social circumstances

Financial details

We may also be required to collect “special category data” such as:

Physical or mental health details

Racial or ethnic origin

Religious beliefs or other beliefs of a similar nature

Criminal convictions

Sexual orientation

What do we do with your personal data, and why?

We use your personal data for a number of different purposes and in a number of ways to comply with a legal obligation or to protect legitimate interests. Your data will be stored and used throughout the life of your matter, some of which are:

Responding to your enquiries and communicating with you (including by telephone, email, text or post)

Performing identity checks for verification and to comply with Money Laundering Regulations

Providing advice and instructions to you throughout your matter

Monitoring our systems and processes in order to comply with the various Regulations and identify any possible criminal activity

Complying with instructions received from third parties including mortgage providers and the courts

To ensure accurate record keeping and client relationship and management

Reviewing and improving our products and services

In very limited circumstances, it may be necessary for us to process certain special categories of personal data (including, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data or data about your sex life or sexual orientation), which require a higher standard of protection under applicable laws. We only process this type of information about your where it is absolutely necessary.

We have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of personal data, and our practices in relation to the retention and erasure of personal data.

Who do we share your personal data with, and why?

As solicitors, we are governed by the Solicitors Regulation Authority. The Authority ensure that we follow the guidelines produced by the Law Society and that we also abide by their Code of Conduct.

Sometimes we share your personal data with third parties. There are strict guidelines about who we can share your personal data with and, where permitted by law, these may include the following:

other branches or offices of Roger Richards where necessary in connection with the legal matters we are instructed on or with our business operations

other law firms and courts, tribunals, barristers, medical experts, mortgage providers, insurance providers as applicable in the context of the legal services we provide to you

regulatory bodies and law enforcement authorities and agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations, or where otherwise permitted or required by applicable law

Organisations that we may need to share your data with may also use your personal data as a “data controller”. They should have their own policies and responsibilities to comply with the applicable data protection laws.

We also ask third party providers to carry out certain business functions for us. These include ICT support, who help us with the operation of our case management systems, websites, and other applications. We have in place agreements with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.

Your information may be transferred outside the UK.

We will not sell, rent or trade your information under any circumstances.

We will not use your details for marketing purposes unless we have obtained your prior written consent.

How do we keep your personal data secure?

We have in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. Please note that we cannot guarantee the security of any personal data you submit to us online. Transmission of data over the internet is at your own risk.

How long do we keep your personal data for?

We will only retain your personal data for a limited period of time, and for no longer than is necessary although this may be for more than five years. This will depend on a number of factors, including:

any laws or regulations that we are required to follow

whether we are in a legal or other type of dispute with each other or any third party

the type of information that we hold about you

whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

What are your privacy rights and how can you exercise them?

You have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on; in which case, we will let you know.

Where our processing of your personal data is based on a legitimate interest, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Depending on the circumstances, you may have the right to:

access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipient to whom it is disclosed and the period of which it will be stored

require us to correct any inaccuracies in your personal data without undue delay

require us to erase your personal data

require us to restrict processing of your personal data

If you would like more information, or to exercise any of your privacy rights, please contact our Data Manager, Caroline Thompson (cjt@rogerichards.co.uk). We also encourage you to let us know if you have any concerns about how we are processing our personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit a complaint with the Information Commissioner’s Office.